Trend Micro classifies Microsoft’s Edge updates as malware



Trend Micro’s Apex One endpoint security solution mistakenly recognized Microsoft’s Edge web browser updates as malware. Windows registry changes made in error can be repaired.

False positives have always been the bane of security managers, all the more so when they concern completely legitimate software, as happened with Edge updates flagged by a Trend Micro product. Apex One, which specializes in endpoint protection, detected version upgrades of Microsoft’s web browser as malware. The problem was reported by several hundred users on both the security vendor’s forums and Reddit. The false positives affect update packages stored in the Microsoft Edge installation folder, which Apex One detected as TROJ_FRS.VSNTE222 and Virus/Malware: TSC_GENCLEAN.

“Trend Micro is aware of a detection issue that was reported earlier today regarding a potential false positive with Microsoft Edge and a Trend Micro Smart Scan model. The model has been updated to remove the detection in question and we are investigating the root cause of the problem. Please make sure the Smart Scan Agent Pattern is version 17.541.00 or later and the Smart Scan Pattern is version 21474.139.09 or later, this resolves the issue.”

A possible workaround

In the event that applying the update does not work, the security vendor offers a workaround: excluding the location of the msedge_200_percent.pak package file that Apex One mistakenly detected. The exclusion applies to the following locations:

C:\Program Files (x86)\Microsoft\Edge\Application\101.0.1210.32\*;
C:\Program Files\Microsoft\Edge\Application\101.0.1210.32\*;
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\101.0.1210.32\*;
C:\Program Files (x86)\Microsoft\EdgeCore\101.0.1210.32\*;
C:\Program Files (x86)\Microsoft\Edge Beta\Application\101.0.1210.31\*.

Repair Windows Registry Changes

Unfortunately, users have also raised other issues: “It has been reported that some customers have observed registry changes as a result of detection based on their endpoint wipe configuration settings,” said Trend Micro. To address this, the vendor has also published a procedure to revert the changes made to the Windows registry.

1. On the affected machine, open a command prompt with elevated administrator rights;
2. Navigate to the Backup folder on the affected machine running the Apex One Agent (usually C:\Program Files (x86)\Trend Micro\Security Agent\Backup);
3. There should be a file named TSC_GENCLEAN_XXXX_XX_XX_XX_XX_XXX_XXX_XXX.DAT in the folder; write down its name (e.g. TSC_GENCLEAN_2022_05_03_17_54_14_118_035.DAT);
4. Go back to the Agent folder (usually C:\Program Files (x86)\Trend Micro\Security Agent);
5. Run the following command:
a. 64-bit systems: tsc64.exe -restore=.\backup\TSC_GENCLEAN_XXXX_XX_XX_XX_XX_XXX_XXX_XXX.DAT
b. 32-bit machines: tsc.exe -restore=.\backup\TSC_GENCLEAN_XXXX_XX_XX_XX_XX_XXX_XXX_XXX.DAT

The vendor clarifies that the TSC_GENCLEAN_XXXX_XX_XX_XX_XX_XXX_XXX_XXX.DAT file name in commands a and b should be replaced with the name noted in step 3. “Please note that administrators looking to use this script as a batch file or through another method should first carefully review the script and test it in their environment before any large-scale development,” the vendor explained. “Customers who continue to experience issues are encouraged to contact their authorized Trend Micro representative for assistance.”
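The five-step restore procedure above can be wrapped in a reviewable script. The PowerShell below is an added example, not Trend Micro's own script: the parameter names `AgentDir` and `BackupName` are hypothetical, the default path is the "usual" agent folder quoted in the steps, and the only tool option used is the `-restore=` argument shown in step 5.

```powershell
# Added example, not Trend Micro's script. Run from an elevated PowerShell prompt.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: the "usual" agent folder from the procedure; override if different.
    [string]$AgentDir = 'C:\Program Files (x86)\Trend Micro\Security Agent',
    # Hypothetical parameter: the backup file name noted in step 3.
    [string]$BackupName
)

$backupDir = Join-Path $AgentDir 'Backup'
if (-not (Test-Path -LiteralPath $backupDir -PathType Container)) {
    throw "Backup folder not found: $backupDir"
}

# Steps 2-3: locate the TSC_GENCLEAN_*.DAT backup written when the detection fired.
$backups = @(Get-ChildItem -LiteralPath $backupDir -Filter 'TSC_GENCLEAN_*.DAT' -File |
    Sort-Object Name)
if ($backups.Count -eq 0) {
    Write-Output "No TSC_GENCLEAN backup in $backupDir; nothing to restore."
    return
}
if (-not $BackupName) {
    if ($backups.Count -gt 1) {
        # More than one candidate: do not guess, let the administrator choose.
        Write-Output 'Several backups found; rerun with -BackupName <file>:'
        $backups | ForEach-Object { Write-Output "  $($_.Name)" }
        return
    }
    $BackupName = $backups[0].Name
}
if ($backups.Name -notcontains $BackupName) {
    throw "Backup file not found in ${backupDir}: $BackupName"
}

# Step 5: tsc64.exe on 64-bit systems, tsc.exe on 32-bit machines.
$exeName = if ([Environment]::Is64BitOperatingSystem) { 'tsc64.exe' } else { 'tsc.exe' }
$exe = Join-Path $AgentDir $exeName
if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
    throw "Restore tool not found: $exe"
}

# Step 4: run from the agent folder so the relative .\backup\ path resolves.
Push-Location -LiteralPath $AgentDir
try {
    $restoreArg = "-restore=.\backup\$BackupName"
    if ($PSCmdlet.ShouldProcess($BackupName, "$exeName $restoreArg")) {
        & $exe $restoreArg
        Write-Output "$exeName finished with exit code $LASTEXITCODE"
    }
}
finally { Pop-Location }
```

Running it with `-WhatIf` first prints the command that would be executed without touching the registry, which fits the vendor's request to review and test before wider use.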
